Critical Success Factors for Implementing Cybersecurity Awareness Programs in Organisations

This study explores the critical success factors that influence the effectiveness of cybersecurity awareness training in four middle and large organisations. Using a qualitative case study approach, data were collected through interviews, focus groups, and document reviews. The study identified five key factors that contributed to program success: leadership support, experiential learning, clear communication, emotional engagement, and continuous evaluation. These factors varied across the organisations, leading to different levels of training effectiveness. In addition, Fogg’s Behaviours Model was used to help interpret whether the training efforts led to actual behaviour change. We found that in the more effective programs, such as those that used simulations, elements like emotional content and hands-on activities supported this pattern, aligning with the components of Fogg’s model (motivation, ability, and trigger). This study contributes practical insights for improving cybersecurity awareness training by showing what factors matter most in real settings. It also highlights areas that are still lacking, such as tailored content, cultural relevance, and consistent reinforcement, which should be considered in future program design.